Support pre-formatted PSS signatures.
* src/p11-signinit.c (C_SignInit): Allow CKM_RSA_X_509. * src/slots.c (struct session): Add field signing_mechanism_type. (session_set_signing_key): Add arg mechanism_type and store it in the session. * src/agent.c (agent_connect): Use --chuid if a user has been configured. (has_leading_keyword): New. (default_inq_cb): Use it. (struct sethash_inq_parm_s): New. (sethash_inq_cb): New. (scute_agent_sign): Add arg mechanism_type and use --inquire optionally with --pss if CKM_RSA_X_509 is used.
This has been tested with OpenVPN 2.4.7 and a Yubikey with a PIV
certificate. Non-PSS with raw data (ie. partly created pkcs#1) should
also work but has not been tested. GnuPG 2.3 is required there are no
checks to make this sure which is okay because it did not worked in
the past either.
- Signed-off-by: Werner Koch <wk@gnupg.org>